Some useful tips for working with the OpenWrt embedded web server (uHTTPd).
uHTTPd supports running Lua in-process, which can speed up Lua CGI scripts. It is unclear whether LuCI supports running in this embedded interpreter. LuCI seems to work fine (if not better) with the embedded Lua interpreter.
root@OpenWrt:~# opkg install uhttpd-mod-lua
Installing uhttpd-mod-lua (18) to root...
Downloading http://downloads.openwrt.org/snapshots/trunk/ar71xx/packages/uhttpd-mod-lua_18_ar71xx.ipk.
Configuring uhttpd-mod-lua.
root@OpenWrt:~# uci set uhttpd.main.lua_prefix=/lua
root@OpenWrt:~# uci set uhttpd.main.lua_handler=/root/test.lua
root@OpenWrt:~# cat /root/test.lua
function handle_request(env)
    uhttpd.send("HTTP/1.0 200 OK\r\n")
    uhttpd.send("Content-Type: text/plain\r\n\r\n")
    uhttpd.send("Hello world.\n")
end
root@OpenWrt:~# /etc/init.d/uhttpd restart
root@OpenWrt:~# wget -qO- http://127.0.0.1/lua/
Hello world.
root@OpenWrt:~#
Tested on Backfire 10.03.1 with uHTTPd 28.
HTTPS Enable and Certificate Settings and Creation
First of all, you need to install the uhttpd-mod-tls package, the 'TLS plugin which adds HTTPS support to uHTTPd'. If listen_https is then defined in the server configuration, the certificate and private key are still missing. In this case (as of 10.03.1) you'll need to install the luci-ssl meta-package, which in turn also pulls in the px5g script. With this utility, the init script generates the appropriate certificate and key files when the server is started for the first time, either by reboot or by manual restart. The /etc/config/uhttpd file ends with a section detailing the parameters used to create the certificate and key files:
|Name||Type||Required||Default||Description|
|days||integer||no||730||Validity time of the generated certificates in days|
|bits||integer||no||1024||Size of the generated RSA key in bits|
|country||string||no||DE||ISO country code of the certificate issuer|
|state||string||no||Berlin||State of the certificate issuer|
|location||string||no||Berlin||Location/city of the certificate issuer|
|commonname||string||no||OpenWrt||Common name covered by the certificate|
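These parameters are needed only once, at the next restart, when the certificate and key are generated. The default of 1024 bits is below the 2048-bit minimum that current guidance sets for RSA keys, so raise bits before the certificate is first generated.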
Basic Authentication (httpd.conf)
For backward compatibility reasons, uhttpd uses the old Busybox httpd config file /etc/httpd.conf to define authentication areas and the associated usernames and passwords. This configuration file is not in UCI format and is usually shipped or generated by external packages like webif (X-Wrt). Authentication realms are defined in the format
prefix:username:password with one entry per line followed by a
- prefix is the URL part covered by the realm, e.g. /cgi-bin to request basic auth for any CGI program
- username specifies the username a client has to log in with
- password defines the secret password required to authenticate
The password can be either in plain text format, MD5 encoded or in the form $p$user where user refers to an account in /etc/shadow or /etc/passwd. A plain text password can be converted to MD5 encoding by using the -m switch of the uhttpd executable:
root@OpenWrt:~# uhttpd -m secret
$1$$ysVNzQc4CTMkp5daOdZ.3/
If the $p$user format is used, uhttpd will compare the client-provided password against the one stored in the shadow or passwd database.
Note that the -m switch creates an empty salt (the hash above starts with $1$$), so the same password always yields the same hash.
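As an added example (not part of the original page and not code from uhttpd), the following POSIX shell script audits prefix:username:password entries and flags plain-text passwords and MD5 hashes with an empty salt. The function names, the sample entries and the rule that only lines starting with / are treated as realms are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit uhttpd Basic Auth realms (prefix:username:password).
# Function names and sample data are constructed for illustration.

# Print the storage form of one password field.
classify_password() {
    case "$1" in
        '$p$'?*)      echo shadow ;;      # checked against /etc/shadow or /etc/passwd
        '$1$$'?*)     echo md5-nosalt ;;  # MD5 hash with empty salt, as `uhttpd -m` prints
        '$1$'?*'$'?*) echo md5 ;;         # MD5 hash with a salt
        *)            echo plaintext ;;   # anything else is a plain-text password
    esac
}

# Read httpd.conf on stdin and print "prefix user kind" for each realm.
# Returns non-zero if any entry is plain text or an unsalted hash.
audit_httpd_conf() {
    weak=0
    while IFS=: read -r prefix user pass || [ -n "$prefix" ]; do
        # Assumption: only lines whose first field starts with / are realms.
        case "$prefix" in /*) ;; *) continue ;; esac
        kind=$(classify_password "$pass")
        printf '%s %s %s\n' "$prefix" "$user" "$kind"
        case "$kind" in plaintext|md5-nosalt) weak=$((weak + 1)) ;; esac
    done
    [ "$weak" -eq 0 ]
}

# Constructed sample file. The unsalted hash is the `uhttpd -m secret` output
# shown on this page; the salted value is a placeholder, not a real hash.
SAMPLE_CONF='# constructed sample, not from a real device
/cgi-bin/admin:admin:$p$root
/cgi-bin/status:monitor:$1$$ysVNzQc4CTMkp5daOdZ.3/
/cgi-bin/backup:backup:$1$abcdefgh$0123456789abcdefghijkl
/cgi-bin/test:guest:hunter2
.au:audio/basic'

printf '%s\n' "$SAMPLE_CONF" | audit_httpd_conf || echo "weak entries found" >&2
```

On a device, run the same function as `audit_httpd_conf < /etc/httpd.conf`.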
Like Busybox HTTPd, the URL decoding of strings on the command line is supported through the -d switch:
root@OpenWrt:/# uhttpd -d "An%20URL%20encoded%20String%21%0a"
An URL encoded String!